December 8, 2017

Subscribe

iOS HomeKit bug exposed smart locks to unauthorized access

by John_A

Apple has another security issue to deal with. As 9to5Mac reports today, Apple’s HomeKit framework has a vulnerability that allows unauthorized access to connected smart devices like locks and garage door openers. Apple has already put in a server-side fix that rectifies the issue, but the fix also disables remote access to shared users. Apple says that the reduced functionality will be restored with an iOS 11.2 update next week.

While 9to5Mac didn’t share the details of the vulnerability, it also reportedly opened up smart lights, thermostats and plugs to unauthorized control. This issue follows a High Sierra bug discovered last month that allowed users to gain admin access without a password.

Because the server-side fix has already been implemented, users do not need to take any additional steps to secure their smart products. Just be sure to install the iOS update when it’s released in order to regain the reduced functionality.